<?php
    ob_start();
    session_start();
    include("dbinfo.inc.php");
    mysql_connect(localhost,$username,$password);
    @mysql_select_db($database) or die( "Unable to select database");

    // get userID from the DB using the name
    $query="select ID from Account where userName like '$_POST[userName]';";
    $resultID=mysql_query($query);
    if (!$resultID) {
        //echo "Error selecting ID from Account: " . mysql_error();
        //die("");
	$userExists=0;
    }
    else {
	$userExists=1;
	$userID=mysql_result($resultID,0, "ID");
    }
    
    $query = "SELECT * FROM Trail WHERE";
    $insert_params = "INSERT INTO Filter (userID,";
    $insert_values = "VALUES ($userID,";
    
    //Length filter
    if((int)$_POST[length] >= 0 && (int)$_POST[length] < 20){
        $upper = $_POST[length]+10;
        $query.=" length <=$upper AND length >=$_POST[length]";
        $_SESSION['length'] = $_POST[length];
        $addAnd=1;

        $mid_length = $_POST[length] + 5;
        $insert_params.="length";
        $insert_values.="$mid_length";
    }
    elseif((int)$_POST[length] == 20){
        $query.=" length >=$_POST[length]";
        $_SESSION['length'] = $_POST[length];
        $addAnd=1;

        $insert_params.="length";
        $insert_values.="$_POST[length]+5";
    }
    else {
        $_SESSION['length'] = NULL;
        $addAnd=0;
    }
    
    //Highest Altitude filter
    if((int)$_POST[highest_altitude] >= 0 && (int)$_POST[highest_altitude] < 12000){
        if ($addAnd==1) {
            $query.=" AND";
	    $insert_params.=",";
	    $insert_values.=",";
        }
        $addAnd=1;
        $upper = $_POST[highest_altitude]+3000;
        $query.=" highest_altitude <=$upper AND highest_altitude >=$_POST[highest_altitude]";
        $_SESSION['highest_altitude'] = $_POST[highest_altitude];

        $mid_highest_altitude = $_POST[highest_altitude] + 1500;
        $insert_params.="highest_altitude";
        $insert_values.="$mid_highest_altitude";
    }
    elseif((int)$_POST[highest_altitude] == 12000){
        if ($addAnd==1) {
            $query.=" AND";
	    $insert_params.=",";
	    $insert_values.=",";
        }
        $addAnd=1;
        $query.=" highest_altitude >= $POST[highest_altitude]";
        $_SESSION['highest_altitude'] = $_POST[highest_altitude];

        $insert_params.="highest_altitude";
        $insert_values.="$_POST[highest_altitude]+1500";
    }
    else {
        $_SESSION['highest_altitude'] = NULL;
        $addAnd=0;
    }
    
    //Difficulty filter
    if((int)$_POST[difficulty] >= 0 && (int)$_POST[difficulty] < 6){
        if ($addAnd==1) {
            $query.=" AND";
	    $insert_params.=",";
	    $insert_values.=",";
        }
        $upper = $_POST[difficulty]+3;
        $query.=" difficulty <=$upper AND difficulty >=$_POST[difficulty]";
        $_SESSION['difficulty'] = $_POST[difficulty];

        $mid_difficulty = $_POST[difficulty] + 1.5;
        $insert_params.="difficulty";
        $insert_values.="$mid_difficulty";
    }
    elseif((int)$_POST[difficulty] == 6){
        if ($addAnd==1) {
            $query.=" AND";
	    $insert_params.=",";
	    $insert_values.=",";
        }
        $query.=" difficulty >= $_POST[difficulty]";
        $_SESSION['difficulty'] = $_POST[difficulty];

        $insert_params.="difficulty";
        $insert_values.="$_POST[difficulty]+1.5";
    }else{
        $_SESSION['difficulty'] = NULL;
    }

    if(strstr($query, '<=') != FALSE || strstr($query, '>=') != FALSE){
        /*if (!mysql_query($query)) {
         echo "Error filtering Trails: " . mysql_error();
         }*/
        $_SESSION['filterTrailQuery'] = $query;
    }else{
        $_SESSION['filterTrailQuery'] = NULL;
        $_SESSION['length'] = NULL;
        $_SESSION['highest_altitude'] = NULL;
        $_SESSION['difficulty'] = NULL;
    }

    $insert_params.=") ";
    $insert_values.=");";
    if ($userExists == 1 and $insert_values != "VALUES ($userID,);") {
        $insert_query=$insert_params . $insert_values;
        if (!mysql_query($insert_query)) {
            echo "Error saving filter: " . mysql_error();
        }
    }
    
    session_write_close();
    mysql_close();
    header("Location: index.php");
    ob_flush();
    ?>
